emdash 0.11.0 → 0.12.0

package/dist/{validate-CO3JjFV5.d.mts → validate-BcC3m2O7.d.mts}

@@ -1,5 +1,5 @@
 import { t as Database } from "./types-BQx6ZXpR.mjs";
-import { i as SiteSettings, m as FieldType } from "./types-IZSZfEwv.mjs";
+import { i as SiteSettings, m as FieldType } from "./types-B1gLSAH2.mjs";
 import { d as Storage } from "./types-C-aFbqmA.mjs";
 import { Kysely } from "kysely";
 
@@ -345,4 +345,4 @@ declare function loadUserSeed(): Promise<SeedFile | null>;
 declare function validateSeed(data: unknown): ValidationResult;
 //#endregion
 export { SeedTaxonomyTerm as _, applySeed as a, ValidationResult as b, SeedCollection as c, SeedFile as d, SeedMenu as f, SeedTaxonomy as g, SeedSection as h, defaultSeed as i, SeedContentEntry as l, SeedRedirect as m, loadSeed as n, SeedApplyOptions as o, SeedMenuItem as p, loadUserSeed as r, SeedApplyResult as s, validateSeed as t, SeedField as u, SeedWidget as v, SeedWidgetArea as y };
-//# sourceMappingURL=validate-CO3JjFV5.d.mts.map
+//# sourceMappingURL=validate-BcC3m2O7.d.mts.map

package/dist/{validate-CO3JjFV5.d.mts.map → validate-BcC3m2O7.d.mts.map}

@@ -1 +1 @@
-{"version":3,"file":"validate-CO3JjFV5.d.mts","names":[],"sources":["../src/seed/types.ts","../src/seed/apply.ts","../src/seed/default.ts","../src/seed/load.ts","../src/seed/validate.ts"],"mappings":";;;;;;;;;UAciB,QAAA;EAwBR;EAtBR,OAAA;EA4Bc;EAzBd,OAAA;EA+BU;EA5BV,IAAA;IACC,IAAA;IACA,WAAA;IACA,MAAA;EAAA;EAND;EAUA,QAAA,GAAW,OAAA,CAAQ,YAAA;EANlB;EASD,WAAA,GAAc,cAAA;EAPb;EAUD,UAAA,GAAa,YAAA;EANF;EASX,KAAA,GAAQ,QAAA;EANR;EASA,SAAA,GAAY,YAAA;EANZ;EASA,WAAA,GAAc,cAAA;EANd;EASA,QAAA,GAAW,WAAA;EANX;EASA,OAAA,GAAU,UAAA;EANV;EASA,OAAA,GAAU,MAAA,SAAe,gBAAA;AAAA;;;;UAMT,cAAA;EAChB,IAAA;EACA,KAAA;EACA,aAAA;EACA,WAAA;EACA,IAAA;EACA,QAAA;EACA,UAAA;EAGiB;EADjB,eAAA;EACA,MAAA,EAAQ,SAAA;AAAA;;;;UAMQ,SAAA;EAChB,IAAA;EACA,KAAA;EACA,IAAA,EAAM,SAAA;EACN,QAAA;EACA,MAAA;EACA,UAAA;EACA,YAAA;EACA,UAAA,GAAa,MAAA;EACb,MAAA;EACA,OAAA,GAAU,MAAA;AAAA;;;;;UAOM,YAAA;EAdV;EAgBN,EAAA;EACA,IAAA;EACA,KAAA;EACA,aAAA;EACA,YAAA;EACA,WAAA;EACA,MAAA;EACA,aAAA;EACA,KAAA,GAAQ,gBAAA;AAAA;;AAVT;;UAgBiB,gBAAA;EANQ;EAQxB,EAAA;EACA,IAAA;EACA,KAAA;EACA,WAAA;EACA,MAAA;EACA,MAAA;EACA,aAAA;AAAA;;;;UAMgB,QAAA;EAdA;EAgBhB,EAAA;EACA,IAAA;EACA,KAAA;EACA,MAAA;EACA,aAAA;EACA,KAAA,EAAO,YAAA;AAAA;;;;UAMS,YAAA;EAnBH;EAqBb,EAAA;EACA,IAAA;EACA,KAAA;EACA,GAAA;EACA,GAAA;EACA,UAAA;EACA,MAAA;EACA,SAAA;EACA,UAAA;EACA,MAAA;EACA,aAAA;EACA,QAAA,GAAW,YAAA;AAAA;AAbZ;;;AAAA,UAmBiB,YAAA;EAChB,MAAA;EACA,WAAA;EACA,IAAA;EACA,OAAA;EACA,SAAA;AAAA;;;;UAMgB,cAAA;EAChB,IAAA;EACA,KAAA;EACA,WAAA;EACA,OAAA,EAAS,UAAA;AAAA;AAfV;;;AAAA,UAqBiB,UAAA;EAChB,IAAA;EACA,KAAA;EAGA,OAAA,GAAU,KAAA;IAAQ,KAAA;IAAe,IAAA;IAAA,CAAgB,GAAA;EAAA;EAGjD,QAAA;EAGA,WAAA;EACA,KAAA,GAAQ,MAAA;AAAA;;;;UAMQ,WAAA;EAChB,IAAA;EACA,KAAA;EACA,WAAA;EArBgB;EAuBhB,QAAA;;EAEA,OAAA,EAAS,KAAA;IAAQ,KAAA;IAAe,IAAA;IAAA,CAAgB,GAAA;EAAA;EApB9B;EAsBlB,MAAA;AAAA;;;;UAMgB,UAAA;EArBF;EAuBd,EAAA;EACA,IAAA;EACA,WAAA;EACA,GAAA;EACA,UAAA;EACA,OAAA;AAAA;;;;UAMgB,gBAAA;EArBC;EAuBjB,EAAA;EAvBgD;EA0BhD,IAAA;EAxBM;EA2BN,MAAA;EArBgB;EAwBhB,IAAA,EAAM,MAAA;;EAGN,UAAA,GAAa,MAAA;EAzBb;EA4BA,OAAA,GAAU,gBAAA;EA1BV;EA6BA,MAAA;EA3BA;;;;EAiCA,aAAA;AAAA;AAAA,UAGgB,gBAAA;EAlBV;EAoBN,MAAA;EACA,SAAA;AAAA;;;;UAMgB,gBAAA;EA3BhB;EA6BA,cAAA;EA1BA;EA6BA,UAAA;EA1BA;EA6BA,aAAA;EA1BA;;;;EAgCA,OAAA,GAAU,OAAA;EAvBsB;;;;AASjC;;;;;;EA0BC,iBAAA;AAAA;;;;UAMgB,eAAA;EAChB,WAAA;IAAe,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EACjD,MAAA;IAAU,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC5C,UAAA;IAAc,OAAA;IAAiB,KAAA;EAAA;EAC/B,OAAA;IAAW,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC7C,KAAA;IAAS,OAAA;IAAiB,KAAA;EAAA;EAC1B,SAAA;IAAa,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC/C,WAAA;IAAe,OAAA;IAAiB,OAAA;EAAA;EAChC,QAAA;IAAY,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC9C,QAAA;IAAY,OAAA;EAAA;EACZ,OAAA;IAAW,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC7C,KAAA;IAAS,OAAA;IAAiB,OAAA;EAAA;AAAA;;;;UAMV,gBAAA;EAChB,KAAA;EACA,MAAA;EACA,QAAA;AAAA;;;;;;;;;;;;;iBCzPqB,SAAA,CACrB,EAAA,EAAI,MAAA,CAAO,QAAA,GACX,IAAA,EAAM,QAAA,EACN,OAAA,GAAS,gBAAA,GACP,OAAA,CAAQ,eAAA;;;cCzDE,WAAA,EAAa,QAAA;;;;;;iBCcJ,QAAA,CAAA,GAAY,OAAA,CAAQ,QAAA;;;;iBAQpB,YAAA,CAAA,GAAgB,OAAA,CAAQ,QAAA;;;AHjB9C;;;;;;AAAA,iBIuBgB,YAAA,CAAa,IAAA,YAAgB,gBAAA"}
+{"version":3,"file":"validate-BcC3m2O7.d.mts","names":[],"sources":["../src/seed/types.ts","../src/seed/apply.ts","../src/seed/default.ts","../src/seed/load.ts","../src/seed/validate.ts"],"mappings":";;;;;;;;;UAciB,QAAA;EAwBR;EAtBR,OAAA;EA4Bc;EAzBd,OAAA;EA+BU;EA5BV,IAAA;IACC,IAAA;IACA,WAAA;IACA,MAAA;EAAA;EAND;EAUA,QAAA,GAAW,OAAA,CAAQ,YAAA;EANlB;EASD,WAAA,GAAc,cAAA;EAPb;EAUD,UAAA,GAAa,YAAA;EANF;EASX,KAAA,GAAQ,QAAA;EANR;EASA,SAAA,GAAY,YAAA;EANZ;EASA,WAAA,GAAc,cAAA;EANd;EASA,QAAA,GAAW,WAAA;EANX;EASA,OAAA,GAAU,UAAA;EANV;EASA,OAAA,GAAU,MAAA,SAAe,gBAAA;AAAA;;;;UAMT,cAAA;EAChB,IAAA;EACA,KAAA;EACA,aAAA;EACA,WAAA;EACA,IAAA;EACA,QAAA;EACA,UAAA;EAGiB;EADjB,eAAA;EACA,MAAA,EAAQ,SAAA;AAAA;;;;UAMQ,SAAA;EAChB,IAAA;EACA,KAAA;EACA,IAAA,EAAM,SAAA;EACN,QAAA;EACA,MAAA;EACA,UAAA;EACA,YAAA;EACA,UAAA,GAAa,MAAA;EACb,MAAA;EACA,OAAA,GAAU,MAAA;AAAA;;;;;UAOM,YAAA;EAdV;EAgBN,EAAA;EACA,IAAA;EACA,KAAA;EACA,aAAA;EACA,YAAA;EACA,WAAA;EACA,MAAA;EACA,aAAA;EACA,KAAA,GAAQ,gBAAA;AAAA;;AAVT;;UAgBiB,gBAAA;EANQ;EAQxB,EAAA;EACA,IAAA;EACA,KAAA;EACA,WAAA;EACA,MAAA;EACA,MAAA;EACA,aAAA;AAAA;;;;UAMgB,QAAA;EAdA;EAgBhB,EAAA;EACA,IAAA;EACA,KAAA;EACA,MAAA;EACA,aAAA;EACA,KAAA,EAAO,YAAA;AAAA;;;;UAMS,YAAA;EAnBH;EAqBb,EAAA;EACA,IAAA;EACA,KAAA;EACA,GAAA;EACA,GAAA;EACA,UAAA;EACA,MAAA;EACA,SAAA;EACA,UAAA;EACA,MAAA;EACA,aAAA;EACA,QAAA,GAAW,YAAA;AAAA;AAbZ;;;AAAA,UAmBiB,YAAA;EAChB,MAAA;EACA,WAAA;EACA,IAAA;EACA,OAAA;EACA,SAAA;AAAA;;;;UAMgB,cAAA;EAChB,IAAA;EACA,KAAA;EACA,WAAA;EACA,OAAA,EAAS,UAAA;AAAA;AAfV;;;AAAA,UAqBiB,UAAA;EAChB,IAAA;EACA,KAAA;EAGA,OAAA,GAAU,KAAA;IAAQ,KAAA;IAAe,IAAA;IAAA,CAAgB,GAAA;EAAA;EAGjD,QAAA;EAGA,WAAA;EACA,KAAA,GAAQ,MAAA;AAAA;;;;UAMQ,WAAA;EAChB,IAAA;EACA,KAAA;EACA,WAAA;EArBgB;EAuBhB,QAAA;;EAEA,OAAA,EAAS,KAAA;IAAQ,KAAA;IAAe,IAAA;IAAA,CAAgB,GAAA;EAAA;EApB9B;EAsBlB,MAAA;AAAA;;;;UAMgB,UAAA;EArBF;EAuBd,EAAA;EACA,IAAA;EACA,WAAA;EACA,GAAA;EACA,UAAA;EACA,OAAA;AAAA;;;;UAMgB,gBAAA;EArBC;EAuBjB,EAAA;EAvBgD;EA0BhD,IAAA;EAxBM;EA2BN,MAAA;EArBgB;EAwBhB,IAAA,EAAM,MAAA;;EAGN,UAAA,GAAa,MAAA;EAzBb;EA4BA,OAAA,GAAU,gBAAA;EA1BV;EA6BA,MAAA;EA3BA;;;;EAiCA,aAAA;AAAA;AAAA,UAGgB,gBAAA;EAlBV;EAoBN,MAAA;EACA,SAAA;AAAA;;;;UAMgB,gBAAA;EA3BhB;EA6BA,cAAA;EA1BA;EA6BA,UAAA;EA1BA;EA6BA,aAAA;EA1BA;;;;EAgCA,OAAA,GAAU,OAAA;EAvBsB;;;;AASjC;;;;;;EA0BC,iBAAA;AAAA;;;;UAMgB,eAAA;EAChB,WAAA;IAAe,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EACjD,MAAA;IAAU,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC5C,UAAA;IAAc,OAAA;IAAiB,KAAA;EAAA;EAC/B,OAAA;IAAW,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC7C,KAAA;IAAS,OAAA;IAAiB,KAAA;EAAA;EAC1B,SAAA;IAAa,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC/C,WAAA;IAAe,OAAA;IAAiB,OAAA;EAAA;EAChC,QAAA;IAAY,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC9C,QAAA;IAAY,OAAA;EAAA;EACZ,OAAA;IAAW,OAAA;IAAiB,OAAA;IAAiB,OAAA;EAAA;EAC7C,KAAA;IAAS,OAAA;IAAiB,OAAA;EAAA;AAAA;;;;UAMV,gBAAA;EAChB,KAAA;EACA,MAAA;EACA,QAAA;AAAA;;;;;;;;;;;;;iBCzPqB,SAAA,CACrB,EAAA,EAAI,MAAA,CAAO,QAAA,GACX,IAAA,EAAM,QAAA,EACN,OAAA,GAAS,gBAAA,GACP,OAAA,CAAQ,eAAA;;;cCzDE,WAAA,EAAa,QAAA;;;;;;iBCcJ,QAAA,CAAA,GAAY,OAAA,CAAQ,QAAA;;;;iBAQpB,YAAA,CAAA,GAAgB,OAAA,CAAQ,QAAA;;;AHjB9C;;;;;;AAAA,iBIuBgB,YAAA,CAAa,IAAA,YAAgB,gBAAA"}

package/dist/version-BdP--J1g.mjs

@@ -0,0 +1,7 @@
+//#region src/version.ts
+const VERSION = "0.12.0";
+const COMMIT = "29eeee7";
+
+//#endregion
+export { VERSION as n, COMMIT as t };
+//# sourceMappingURL=version-BdP--J1g.mjs.map

package/dist/{version-Bg31I_Ff.mjs.map → version-BdP--J1g.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"version-Bg31I_Ff.mjs","names":[],"sources":["../src/version.ts"],"sourcesContent":["/**\n * Build-time version constants, replaced by tsdown/Vite `define`.\n * Falls back to \"dev\" when running uncompiled (tests, dev).\n */\n\ndeclare const __EMDASH_VERSION__: string;\ndeclare const __EMDASH_COMMIT__: string;\n\nexport const VERSION: string =\n\ttypeof __EMDASH_VERSION__ !== \"undefined\" ? __EMDASH_VERSION__ : \"dev\";\n\nexport const COMMIT: string = typeof __EMDASH_COMMIT__ !== \"undefined\" ? __EMDASH_COMMIT__ : \"dev\";\n"],"mappings":";AAQA,MAAa;AAGb,MAAa"}
+{"version":3,"file":"version-BdP--J1g.mjs","names":[],"sources":["../src/version.ts"],"sourcesContent":["/**\n * Build-time version constants, replaced by tsdown/Vite `define`.\n * Falls back to \"dev\" when running uncompiled (tests, dev).\n */\n\ndeclare const __EMDASH_VERSION__: string;\ndeclare const __EMDASH_COMMIT__: string;\n\nexport const VERSION: string =\n\ttypeof __EMDASH_VERSION__ !== \"undefined\" ? __EMDASH_VERSION__ : \"dev\";\n\nexport const COMMIT: string = typeof __EMDASH_COMMIT__ !== \"undefined\" ? __EMDASH_COMMIT__ : \"dev\";\n"],"mappings":";AAQA,MAAa;AAGb,MAAa"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "emdash",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "Astro-native CMS with WordPress migration support",
   "type": "module",
   "main": "dist/index.mjs",
@@ -194,9 +194,9 @@
     "ulidx": "^2.4.1",
     "upng-js": "^2.1.0",
     "zod": "^4.3.5",
-    "@emdash-cms/admin": "0.11.0",
-    "@emdash-cms/auth": "0.11.0",
-    "@emdash-cms/gutenberg-to-portable-text": "0.11.0",
+    "@emdash-cms/gutenberg-to-portable-text": "0.12.0",
+    "@emdash-cms/auth": "0.12.0",
+    "@emdash-cms/admin": "0.12.0",
     "@emdash-cms/plugin-types": "0.0.1"
   },
   "optionalDependencies": {
@@ -205,7 +205,7 @@
   },
   "peerDependencies": {
     "@astrojs/react": ">=5.0.0-beta.0",
-    "@emdash-cms/auth-atproto": ">=0.2.3",
+    "@emdash-cms/auth-atproto": ">=0.2.5",
     "astro": ">=6.0.0-beta.0",
     "react": ">=18.0.0",
     "react-dom": ">=18.0.0"
@@ -230,7 +230,7 @@
     "vite": "^6.0.0",
     "vitest": "^4.1.5",
     "zod-openapi": "^5.4.6",
-    "@emdash-cms/blocks": "0.11.0"
+    "@emdash-cms/blocks": "0.12.0"
   },
   "repository": {
     "type": "git",

package/src/api/schemas/settings.ts

@@ -4,9 +4,14 @@ import { httpUrl } from "./common.js";
 
 // ---------------------------------------------------------------------------
 // Settings: Input schemas
+//
+// Media references on write are just `{ mediaId, alt? }` -- the resolved
+// fields (`url`, `contentType`, `width`, `height`) are server-computed and
+// stripped from any submitted body via Zod's default strip mode. See
+// `packages/core/src/settings/types.ts` for the in-memory shape.
 // ---------------------------------------------------------------------------
 
-const mediaReference = z.object({
+const mediaReferenceInput = z.object({
 	mediaId: z.string(),
 	alt: z.string().optional(),
 });
@@ -20,9 +25,9 @@ const socialSettings = z.object({
 	youtube: z.string().optional(),
 });
 
-const seoSettings = z.object({
+const seoSettingsInput = z.object({
 	titleSeparator: z.string().max(10).optional(),
-	defaultOgImage: mediaReference.optional(),
+	defaultOgImage: mediaReferenceInput.optional(),
 	robotsTxt: z.string().max(5000).optional(),
 	googleVerification: z.string().max(100).optional(),
 	bingVerification: z.string().max(100).optional(),
@@ -32,32 +37,59 @@ export const settingsUpdateBody = z
 	.object({
 		title: z.string().optional(),
 		tagline: z.string().optional(),
-		logo: mediaReference.optional(),
-		favicon: mediaReference.optional(),
+		logo: mediaReferenceInput.optional(),
+		favicon: mediaReferenceInput.optional(),
 		url: z.union([httpUrl, z.literal("")]).optional(),
 		postsPerPage: z.number().int().min(1).max(100).optional(),
 		dateFormat: z.string().optional(),
 		timezone: z.string().optional(),
 		social: socialSettings.optional(),
-		seo: seoSettings.optional(),
+		seo: seoSettingsInput.optional(),
 	})
 	.meta({ id: "SettingsUpdateBody" });
 
 // ---------------------------------------------------------------------------
 // Settings: Response schemas
+//
+// Responses carry the resolved fields populated by `resolveMediaReference`
+// in `settings/index.ts`. Generated OpenAPI clients need to see them so
+// they don't have to re-resolve the URL on the client. Fields stay
+// optional because the resolver returns the bare ref if the underlying
+// media row was deleted (orphaned reference).
 // ---------------------------------------------------------------------------
 
+const mediaReferenceResponse = z.object({
+	mediaId: z.string(),
+	alt: z.string().optional(),
+	/** Resolved media file URL; absent if the underlying row is missing. */
+	url: z.string().optional(),
+	/** Stored MIME type (e.g. `image/svg+xml`). Populated alongside `url`. */
+	contentType: z.string().optional(),
+	/** Pixel width if known. Populated alongside `url`. */
+	width: z.number().int().optional(),
+	/** Pixel height if known. Populated alongside `url`. */
+	height: z.number().int().optional(),
+});
+
+const seoSettingsResponse = z.object({
+	titleSeparator: z.string().max(10).optional(),
+	defaultOgImage: mediaReferenceResponse.optional(),
+	robotsTxt: z.string().max(5000).optional(),
+	googleVerification: z.string().max(100).optional(),
+	bingVerification: z.string().max(100).optional(),
+});
+
 export const siteSettingsSchema = z
 	.object({
 		title: z.string().optional(),
 		tagline: z.string().optional(),
-		logo: mediaReference.optional(),
-		favicon: mediaReference.optional(),
+		logo: mediaReferenceResponse.optional(),
+		favicon: mediaReferenceResponse.optional(),
 		url: z.string().optional(),
 		postsPerPage: z.number().int().optional(),
 		dateFormat: z.string().optional(),
 		timezone: z.string().optional(),
 		social: socialSettings.optional(),
-		seo: seoSettings.optional(),
+		seo: seoSettingsResponse.optional(),
 	})
 	.meta({ id: "SiteSettings" });

package/src/astro/routes/api/content/[collection]/[id]/discard-draft.ts

@@ -50,7 +50,7 @@ export const POST: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/[id]/duplicate.ts

@@ -55,7 +55,7 @@ export const POST: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection] });
 
 	return unwrapResult(result, 201);
 };

package/src/astro/routes/api/content/[collection]/[id]/permanent.ts

@@ -27,7 +27,7 @@ export const DELETE: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, id] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, id] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/[id]/publish.ts

@@ -80,7 +80,7 @@ export const POST: APIRoute = async ({ params, request, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/[id]/restore.ts

@@ -50,7 +50,7 @@ export const POST: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/[id]/schedule.ts

@@ -63,7 +63,7 @@ export const POST: APIRoute = async ({ params, request, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId ?? id] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId ?? id] });
 
 	return unwrapResult(result);
 };
@@ -95,7 +95,7 @@ export const DELETE: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId ?? id] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId ?? id] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/[id]/unpublish.ts

@@ -50,7 +50,7 @@ export const POST: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/[id].ts

@@ -125,7 +125,7 @@ export const PUT: APIRoute = async ({ params, request, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
 
 	return unwrapResult(result);
 };
@@ -171,7 +171,7 @@ export const DELETE: APIRoute = async ({ params, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection, resolvedId] });
 
 	return unwrapResult(result);
 };

package/src/astro/routes/api/content/[collection]/index.ts

@@ -91,7 +91,7 @@ export const POST: APIRoute = async ({ params, request, locals, cache }) => {
 
 	if (!result.success) return unwrapResult(result);
 
-	if (cache.enabled) await cache.invalidate({ tags: [collection] });
+	if (cache?.enabled) await cache.invalidate({ tags: [collection] });
 
 	return unwrapResult(result, 201);
 };

package/src/astro/routes/api/media/[id].ts

@@ -135,7 +135,8 @@ export const DELETE: APIRoute = async ({ params, locals }) => {
 			}
 		}
 
-		// Delete from database
+		// Delete from database — site-settings cache invalidation happens
+		// in `EmDashRuntime.handleMediaDelete` so MCP/plugin paths inherit it.
 		const result = await emdash.handleMediaDelete(id);
 
 		return unwrapResult(result);

package/src/components/EmDashHead.astro

@@ -3,8 +3,11 @@
  * Renders base SEO metadata, plugin-contributed metadata, and trusted head fragments.
  *
  * Base SEO metadata (meta tags, OG, Twitter Card, canonical, JSON-LD) is generated
- * from the page context's seo/articleMeta/siteName fields. Plugin contributions
- * come after, so they can override base tags via first-wins dedup in resolvePageMetadata().
+ * from the page context's seo/articleMeta/siteName fields. Contributions are
+ * composed in the order `[...plugin, ...site, ...base]` and resolved by
+ * `resolvePageMetadata()` with first-wins dedup. Plugins sit at the front of
+ * the array, so for any given key plugin contributions override site-level
+ * ones, which override base ones.
  *
  * Usage:
  * ```astro
@@ -23,6 +26,7 @@ import {
 import { renderSiteIdentity } from "../page/site-identity.js";
 import { getPageRuntime } from "../page/index.js";
 import { getSiteSettings } from "../settings/index.js";
+import { absolutizeMediaUrl } from "../page/absolute-url.js";
 
 interface Props {
 	page: PublicPageContext;
@@ -31,9 +35,6 @@ interface Props {
 const { page } = Astro.props;
 const runtime = getPageRuntime(Astro.locals as Record<string, unknown>);
 
-// Base SEO contributions from page context (always generated)
-const baseContributions: PageMetadataContribution[] = generateBaseSeoContributions(page);
-
 let metadataHtml = "";
 let siteIdentityHtml = "";
 let fragmentsHtml = "";
@@ -56,6 +57,25 @@ if (runtime) {
 		runtime.collectPageFragments(page),
 	]);
 
+	// Site-level default OG image: applied per-page in base contributions
+	// rather than emitted unconditionally, so per-content images still win.
+	// `resolveMediaReference` populates `.url` on read; only the mediaId is
+	// stored, so an empty/orphaned reference safely yields undefined here.
+	//
+	// Absolutize so `og:image` / `twitter:image` / JSON-LD `image` carry a
+	// fully-qualified URL: many social-card scrapers (Slack, LinkedIn) refuse
+	// to follow relative paths even when the rest of the page provides
+	// canonical context.
+	const defaultOgImage = absolutizeMediaUrl(
+		siteSettings.seo?.defaultOgImage?.url,
+		siteSettings.url,
+		page,
+	);
+	const baseContributions: PageMetadataContribution[] = generateBaseSeoContributions(
+		page,
+		defaultOgImage,
+	);
+
 	const siteContributions = generateSiteSeoContributions(siteSettings.seo);
 	const allContributions = [...pluginContributions, ...siteContributions, ...baseContributions];
 	const resolved = resolvePageMetadata(allContributions);
@@ -64,6 +84,7 @@ if (runtime) {
 	fragmentsHtml = renderFragments(fragments, "head");
 } else {
 	// No runtime (EmDash not initialized) — still render base SEO
+	const baseContributions: PageMetadataContribution[] = generateBaseSeoContributions(page);
 	const resolved = resolvePageMetadata(baseContributions);
 	metadataHtml = renderPageMetadata(resolved);
 }

package/src/emdash-runtime.ts

@@ -164,6 +164,7 @@ import { PluginStateRepository } from "./plugins/state.js";
 import { requestCached } from "./request-cache.js";
 import { getRequestContext } from "./request-context.js";
 import { FTSManager } from "./search/fts-manager.js";
+import { invalidateSiteSettingsCache } from "./settings/index.js";
 
 /**
  * Map schema field types to editor field kinds
@@ -2055,11 +2056,29 @@ export class EmDashRuntime {
 		id: string,
 		input: { alt?: string; caption?: string; width?: number; height?: number },
 	) {
-		return handleMediaUpdate(this.db, id, input);
+		const result = await handleMediaUpdate(this.db, id, input);
+		// Resolved media references in site settings (`logo`, `favicon`,
+		// `seo.defaultOgImage`) bake in the media row's `contentType`,
+		// `width`, and `height`. A metadata edit invalidates that snapshot
+		// for every entry point: REST routes, MCP tools, plugin code, and
+		// any future caller of `handleMediaUpdate`. Cross-isolate staleness
+		// remains bounded by isolate lifetime.
+		if (result.success) {
+			invalidateSiteSettingsCache();
+		}
+		return result;
 	}
 
 	async handleMediaDelete(id: string) {
-		return handleMediaDelete(this.db, id);
+		const result = await handleMediaDelete(this.db, id);
+		// Same reasoning as `handleMediaUpdate`: if the deleted media row
+		// was referenced by a setting, the cached resolved URL now points
+		// at a 404. Invalidation is unconditional on success — cheaper than
+		// querying which settings reference the id.
+		if (result.success) {
+			invalidateSiteSettingsCache();
+		}
+		return result;
 	}
 
 	// =========================================================================

package/src/media/local-runtime.ts

@@ -14,6 +14,7 @@ import type { Kysely } from "kysely";
 import { MediaRepository } from "../database/repositories/media.js";
 import type { Database } from "../database/types.js";
 import type { Storage } from "../index.js";
+import { invalidateSiteSettingsCache } from "../settings/index.js";
 import type {
 	CreateMediaProviderFn,
 	MediaProvider,
@@ -120,6 +121,12 @@ export const createMediaProvider: CreateMediaProviderFn<LocalMediaRuntimeConfig>
 			}
 
 			await repo.delete(id);
+
+			// If this row was referenced by `logo`, `favicon`, or
+			// `seo.defaultOgImage`, the worker-scoped settings cache now
+			// holds a stale URL. The provider routes (and any future caller)
+			// bypass `handleMediaDelete`, so we invalidate here too.
+			invalidateSiteSettingsCache();
 		},
 
 		getEmbed(value: MediaValue, _options?: EmbedOptions): EmbedResult {

package/src/page/absolute-url.ts

@@ -0,0 +1,146 @@
+/**
+ * Helpers for resolving relative media URLs to absolute URLs for SEO output.
+ *
+ * Social-card scrapers (Facebook, LinkedIn, Slack, Twitter) and JSON-LD
+ * consumers expect absolute URLs in `og:image`, `twitter:image`, and
+ * structured-data `image` fields. EmDash's media file route returns a
+ * site-relative path (`/_emdash/api/media/file/...`), so anywhere the
+ * resolved URL feeds into crawler-facing markup we have to join it with
+ * the public site origin.
+ */
+
+import type { PublicPageContext } from "../plugins/types.js";
+
+const HTTP_URL_RE = /^https?:\/\//i;
+/**
+ * Protocol-relative URLs (`//cdn.example.com/x.png`) are dropped outright.
+ * They have no legitimate use in `og:image` (scrapers want a full URL) and
+ * are a well-known SSRF vector when reflected through server-side
+ * fetchers. Anything starting with `//` returns `null`.
+ */
+const PROTOCOL_RELATIVE_RE = /^\/\//;
+/**
+ * URL schemes we pass through unchanged because they are legitimately
+ * useful as OG image values. `data:image/*` is sometimes used for inline
+ * social cards (rare, but legal). Everything else with a scheme
+ * (`mailto:`, `tel:`, `file:`, `blob:`, custom protocols) would be garbage
+ * in an `og:image`; we return `null` so the caller can decide whether to
+ * fall back or drop the tag.
+ */
+const PASSTHROUGH_SCHEME_RE = /^data:image\//i;
+/**
+ * Detects URLs that have a scheme other than http/https (and other than
+ * the data:image/ form we pass through). Used to short-circuit garbage
+ * input rather than treating it as a relative path.
+ */
+const OTHER_SCHEME_RE = /^[a-z][a-z0-9+.-]*:/i;
+/**
+ * Any ASCII whitespace or C0/C1 control character anywhere in the URL is
+ * an injection signal — legitimate media URLs never contain them. Without
+ * this guard, an input like `"  https://attacker/x"` would slip past the
+ * scheme regexes (which are anchored at offset 0) and get joined as a
+ * relative path with the site origin, producing
+ * `https://site.example/  https://attacker/x` — confusing but not
+ * exploitable, plus more pathological shapes like leading newlines that
+ * could inject across header boundaries downstream.
+ */
+// eslint-disable-next-line eslint(no-control-regex) -- intentional: rejecting control chars is the whole point of this regex
+const WHITESPACE_OR_CONTROL_RE = /[\s\u0000-\u001f\u007f-\u009f]/;
+const TRAILING_SLASH_RE = /\/$/;
+
+/**
+ * `URL.origin` returns the literal string `"null"` (not the `null` value)
+ * for opaque origins like `data:`, `blob:`, and `about:blank`. Treating
+ * that as a valid origin would produce `null/og.png` in the output.
+ */
+function isUsableOrigin(origin: string): boolean {
+	return origin !== "null" && origin !== "";
+}
+
+/**
+ * Resolve the public origin to use when absolutizing a media URL.
+ *
+ * Precedence:
+ *  1. The configured `SiteSettings.url` (admin-controlled, canonical).
+ *  2. `PublicPageContext.siteUrl` (set by themes that override the origin,
+ *     e.g. when running behind a reverse proxy).
+ *  3. The origin parsed from `page.url`, which is the live request URL.
+ *
+ * Only `http:` and `https:` candidates count — anything else (e.g. `file:`,
+ * `data:`, `blob:`) would yield an unusable origin and is skipped. Returns
+ * `null` if no candidate parses to a usable HTTP(S) origin; callers should
+ * treat that as "leave the URL relative" rather than throw.
+ */
+export function resolveSiteOrigin(
+	configuredSiteUrl: string | undefined,
+	page: PublicPageContext,
+): string | null {
+	const candidates = [configuredSiteUrl, page.siteUrl, page.url];
+	for (const candidate of candidates) {
+		if (!candidate || typeof candidate !== "string") continue;
+		try {
+			const parsed = new URL(candidate);
+			if (parsed.protocol !== "http:" && parsed.protocol !== "https:") continue;
+			if (!isUsableOrigin(parsed.origin)) continue;
+			return parsed.origin;
+		} catch {
+			// Fall through to the next candidate. Configured URLs and page
+			// URLs can be malformed (e.g. an admin pasted "example.com"
+			// without a scheme); we don't want a bad config to break head
+			// rendering.
+		}
+	}
+	return null;
+}
+
+/**
+ * Absolutize a media URL using the best available site origin.
+ *
+ * - Returns `null` for missing/empty input.
+ * - Passes through already-absolute `http(s):` URLs unchanged.
+ * - Passes through `data:image/*` URLs unchanged (rare but legal as OG
+ *   image content).
+ * - Returns `null` for protocol-relative URLs (`//cdn.com/x`): no
+ *   legitimate `og:image` use case, and a known SSRF vector when reflected
+ *   through server-side fetchers.
+ * - Returns `null` for any other scheme (`mailto:`, `blob:`, `file:`,
+ *   custom protocols): emitting those into `og:image` is worse than
+ *   omitting the tag.
+ * - Returns the original (relative) URL when no origin can be resolved —
+ *   preferable to dropping `og:image` outright because scrapers that follow
+ *   relative URLs are better off than ones that get nothing.
+ *
+ * @param url - The (possibly relative) media URL, e.g. `/_emdash/api/media/file/abc.jpg`.
+ * @param configuredSiteUrl - `SiteSettings.url` value (admin-controlled).
+ * @param page - The page context providing `siteUrl` and `url` fallbacks.
+ */
+export function absolutizeMediaUrl(
+	url: string | undefined,
+	configuredSiteUrl: string | undefined,
+	page: PublicPageContext,
+): string | null {
+	if (!url) return null;
+
+	// Any whitespace or control character means this isn't a real media URL.
+	// Rejecting up front prevents scheme-regex evasion (`  https://x` would
+	// otherwise fall through to the relative-path join below).
+	if (WHITESPACE_OR_CONTROL_RE.test(url)) return null;
+
+	if (HTTP_URL_RE.test(url)) return url;
+	if (PASSTHROUGH_SCHEME_RE.test(url)) return url;
+
+	// Reject protocol-relative URLs before any other handling. Order
+	// matters: `OTHER_SCHEME_RE` wouldn't match `//x` (no leading scheme),
+	// so a missing check here would fall through to the relative-path
+	// join below and produce `https://site.example//cdn.evil.com/x`.
+	if (PROTOCOL_RELATIVE_RE.test(url)) return null;
+
+	// Any remaining `<scheme>:` form is something we'd silently mangle by
+	// prepending an origin. Drop it.
+	if (OTHER_SCHEME_RE.test(url)) return null;
+
+	const origin = resolveSiteOrigin(configuredSiteUrl, page);
+	if (!origin) return url;
+	const safePath = url.startsWith("/") ? url : `/${url}`;
+	return `${origin.replace(TRAILING_SLASH_RE, "")}${safePath}`;
+}

package/src/page/jsonld.ts

@@ -29,13 +29,21 @@ export function cleanJsonLd(obj: Record<string, unknown>): Record<string, unknow
 /**
  * Build a BlogPosting JSON-LD graph from page context.
  * Used for article-type content pages.
+ *
+ * @param page - Page context for the current request.
+ * @param defaultOgImage - Optional site-wide fallback image URL, used when
+ *   the page has no own OG image. Matches the fallback applied to `og:image`
+ *   in `generateBaseSeoContributions`.
  */
-export function buildBlogPostingJsonLd(page: PublicPageContext): Record<string, unknown> | null {
+export function buildBlogPostingJsonLd(
+	page: PublicPageContext,
+	defaultOgImage?: string | null,
+): Record<string, unknown> | null {
 	if (page.pageType !== "article" || !page.canonical) return null;
 
 	const ogTitle = page.seo?.ogTitle ?? page.pageTitle ?? page.title;
 	const description = page.seo?.ogDescription || page.description;
-	const ogImage = page.seo?.ogImage || page.image;
+	const ogImage = page.seo?.ogImage || page.image || defaultOgImage || null;
 	const publishedTime = page.articleMeta?.publishedTime;
 	const modifiedTime = page.articleMeta?.modifiedTime;
 	const author = page.articleMeta?.author;

package/src/page/seo-contributions.ts

@@ -1,9 +1,11 @@
 /**
  * Generate base SEO metadata contributions from PublicPageContext.
  *
- * These contributions are prepended BEFORE plugin contributions in
- * resolvePageMetadata(), which uses first-wins dedup. This means
- * plugins can override any base SEO tag by contributing the same key.
+ * EmDashHead.astro composes the final contribution list as
+ * `[...plugin, ...site, ...base]` and feeds it to `resolvePageMetadata()`,
+ * which is first-wins. That ordering means plugin contributions override
+ * site-level ones override base ones for any given key — base values are
+ * the fallback, not the source of truth.
  *
  * This replaces the per-template SEO.astro components, eliminating
  * the class of XSS bugs where templates hand-rolled JSON-LD serialization.
@@ -15,15 +17,24 @@ import { buildBlogPostingJsonLd, buildWebSiteJsonLd } from "./jsonld.js";
 
 /**
  * Generate base metadata contributions from a page context's SEO data.
+ *
+ * @param page - Page context produced by the runtime for the current request.
+ * @param defaultOgImage - Optional site-wide fallback OG image URL, used when
+ *   the page has no own OG image (i.e., neither `seo.ogImage` nor `image`).
+ *   Sourced from `SiteSettings.seo.defaultOgImage` by `EmDashHead`.
+ *
  * Returns an empty array if no SEO-relevant data is present.
  */
-export function generateBaseSeoContributions(page: PublicPageContext): PageMetadataContribution[] {
+export function generateBaseSeoContributions(
+	page: PublicPageContext,
+	defaultOgImage?: string | null,
+): PageMetadataContribution[] {
 	const contributions: PageMetadataContribution[] = [];
 
 	const description = page.description;
 	const ogTitle = page.seo?.ogTitle ?? page.pageTitle ?? page.title;
 	const ogDescription = page.seo?.ogDescription || description;
-	const ogImage = page.seo?.ogImage || page.image;
+	const ogImage = page.seo?.ogImage || page.image || defaultOgImage || null;
 	const robots = page.seo?.robots;
 	const canonical = page.canonical;
 	const siteName = page.siteName;
@@ -122,7 +133,7 @@ export function generateBaseSeoContributions(page: PublicPageContext): PageMetad
 	// -- JSON-LD --
 
 	if (page.pageType === "article") {
-		const blogPosting = buildBlogPostingJsonLd(page);
+		const blogPosting = buildBlogPostingJsonLd(page, defaultOgImage ?? null);
 		if (blogPosting) {
 			contributions.push({ kind: "jsonld", id: "primary", graph: blogPosting });
 		}